Back-end authentication with Active Directory

OneSpan Authentication Server may be configured to use Active Directory for back-end authentication of user logon requests. This can be done in two different ways:

Windows back-end authentication

OneSpan Authentication Server can be configured to query Active Directory via a Windows API call. This requires a supported Windows operating system on the OneSpan Authentication Server computer.

LDAP Active Directory

OneSpan Authentication Server can be configured to query Active Directory via an LDAP connection for back-end authentication. This is typically used if a supported Windows operating system is not available on the OneSpan Authentication Server machine. For more information, see Microsoft Active Directory back-end authentication.

When a user's display name contains a backslash ('\'), that user cannot be authenticated by OneSpan Authentication Server. As such, ensure that the display name of all Active Directory users do not contain a backslash.

When upgrading Active Directory domain controllers, the following rule must be obeyed:

• If a server with Windows group users is promoted to an Active Directory domain controller, you must reset the Active Directory password for any user that existed on the server before it was promoted.